Fixes hashicorp/terraform-provider-google#19540 (#12253)

yu-xin-li · web-flow · commit 3db026ca076c · 2024-11-07T16:22:13.000-08:00
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml
@@ -261,9 +261,11 @@ properties:
                 - name: 'identities'
                   type: Array
                   description: |
-                    A list of identities that are allowed access through this ingress policy.
-                    Should be in the format of email address. The email address should represent
-                    individual user or service account only.
+                    Identities can be an individual user, service account, Google group,
+                    or third-party identity. For third-party identity, only single identities
+                    are supported and other identity types are not supported.The v1 identities
+                    that have the prefix user, group and serviceAccount in
+                    https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
                   is_set: true
                   item_type:
                     type: String
@@ -398,9 +400,11 @@ properties:
                 - name: 'identities'
                   type: Array
                   description: |
-                    A list of identities that are allowed access through this `EgressPolicy`.
-                    Should be in the format of email address. The email address should
-                    represent individual user or service account only.
+                    Identities can be an individual user, service account, Google group,
+                    or third-party identity. For third-party identity, only single identities
+                    are supported and other identity types are not supported.The v1 identities
+                    that have the prefix user, group and serviceAccount in
+                    https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
                   is_set: true
                   item_type:
                     type: String
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.yaml
@@ -112,9 +112,11 @@ properties:
       - name: 'identities'
         type: Array
         description: |
-          A list of identities that are allowed access through this `EgressPolicy`.
-          Should be in the format of email address. The email address should
-          represent individual user or service account only.
+          Identities can be an individual user, service account, Google group,
+          or third-party identity. For third-party identity, only single identities
+          are supported and other identity types are not supported.The v1 identities
+          that have the prefix user, group and serviceAccount in
+          https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
         item_type:
           type: String
       - name: 'sources'
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.yaml
@@ -114,9 +114,11 @@ properties:
       - name: 'identities'
         type: Array
         description: |
-          A list of identities that are allowed access through this ingress policy.
-          Should be in the format of email address. The email address should represent
-          individual user or service account only.
+          Identities can be an individual user, service account, Google group,
+          or third-party identity. For third-party identity, only single identities
+          are supported and other identity types are not supported.The v1 identities
+          that have the prefix user, group and serviceAccount in
+          https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
         item_type:
           type: String
       - name: 'sources'
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml
@@ -109,9 +109,11 @@ properties:
       - name: 'identities'
         type: Array
         description: |
-          A list of identities that are allowed access through this `EgressPolicy`.
-          Should be in the format of email address. The email address should
-          represent individual user or service account only.
+          Identities can be an individual user, service account, Google group,
+          or third-party identity. For third-party identity, only single identities
+          are supported and other identity types are not supported.The v1 identities
+          that have the prefix user, group and serviceAccount in
+          https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
         item_type:
           type: String
       - name: 'sources'
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml
@@ -111,9 +111,11 @@ properties:
       - name: 'identities'
         type: Array
         description: |
-          A list of identities that are allowed access through this ingress policy.
-          Should be in the format of email address. The email address should represent
-          individual user or service account only.
+          Identities can be an individual user, service account, Google group,
+          or third-party identity. For third-party identity, only single identities
+          are supported and other identity types are not supported.The v1 identities
+          that have the prefix user, group and serviceAccount in
+          https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
         item_type:
           type: String
       - name: 'sources'
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeters.yaml b/mmv1/products/accesscontextmanager/ServicePerimeters.yaml
@@ -662,9 +662,11 @@ properties:
                       - name: 'identities'
                         type: Array
                         description: |
-                          A list of identities that are allowed access through this `EgressPolicy`.
-                          Should be in the format of email address. The email address should
-                          represent individual user or service account only.
+                          Identities can be an individual user, service account, Google group,
+                          or third-party identity. For third-party identity, only single identities
+                          are supported and other identity types are not supported.The v1 identities
+                          that have the prefix user, group and serviceAccount in
+                          https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
                         is_set: true
                         item_type:
                           type: String
